W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

Certificate Revocation in Java

From: Ben Wilson <ben@digicert.com>
Date: Wed, 6 Mar 2013 09:40:09 -0700
To: <public-webappsec@w3.org>
Message-ID: <00bb01ce1a89$444f4310$ccedc930$@digicert.com>
Is this within the scope of your charter / domain?

Malicious applet using stolen code signing cert still installs because Java
has revocation checking turned off by default.  

http://www.net-security.org/secworld.php?id=14557

 
Received on Wednesday, 6 March 2013 16:40:37 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:00 UTC